Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/LsXYjrjtcFruHy0Xsx-YzdXSSk0.roa
File: LsXYjrjtcFruHy0Xsx-YzdXSSk0.roa (raw, json)
Hash identifier: dkMfT/u2kIwaZXzUHMjpU4ARix+vR+H4IPW7qIHRzPg=
Subject key identifier: 2E:C5:D8:8E:B8:ED:70:5A:EE:1F:2D:17:B3:1F:98:CD:D5:D2:4A:4D
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 019A2EFED19A4E30EE6237A3431FD27B02C0
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/LsXYjrjtcFruHy0Xsx-YzdXSSk0.roa
Signing time: Wed 29 Oct 2025 08:04:03 +0000
ROA not before: Wed 29 Oct 2025 08:04:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5650
IP address blocks: 64.43.104.0/22 maxlen: 22
64.43.112.0/22 maxlen: 22
64.43.124.0/22 maxlen: 22
77.36.120.0/22 maxlen: 22
91.245.184.0/22 maxlen: 22
176.102.124.0/22 maxlen: 22
176.116.232.0/22 maxlen: 22
178.212.184.0/21 maxlen: 21
178.212.184.0/22 maxlen: 22
178.212.188.0/22 maxlen: 22
185.55.4.0/22 maxlen: 22
185.55.4.0/23 maxlen: 23
185.55.6.0/23 maxlen: 23
185.55.140.0/22 maxlen: 22
185.55.140.0/23 maxlen: 23
185.55.142.0/23 maxlen: 23
193.36.204.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2e:fe:d1:9a:4e:30:ee:62:37:a3:43:1f:d2:7b:02:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 29 08:04:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ec5d88eb8ed705aee1f2d17b31f98cdd5d24a4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:80:ff:65:b6:b2:17:a2:26:16:92:39:d9:de:
03:c1:0d:85:7a:c3:dd:3a:04:99:6f:0f:06:6b:5c:
08:bf:08:3a:1a:e1:5f:a8:ab:ae:b8:46:eb:fb:64:
97:b3:0d:13:7e:82:61:30:4b:12:72:4c:6c:6c:16:
1d:31:3e:3c:9a:eb:da:7c:a9:68:2f:d3:c7:ef:3a:
61:10:54:48:4b:e2:50:67:92:af:cf:5a:f8:4e:63:
9a:e0:61:04:f9:65:9c:55:62:65:18:7f:e4:f1:1b:
1d:97:d9:49:14:e7:27:b8:36:12:b9:d9:53:f5:ba:
8e:b4:1c:d7:1b:9d:7f:c0:c8:8d:b1:be:86:e2:d0:
3f:94:ed:25:b5:43:06:b2:7f:05:d6:e8:45:0f:99:
7d:45:5e:94:10:55:95:4b:74:8f:63:64:b9:bb:55:
ab:72:b1:28:5c:4c:e0:aa:70:b6:38:3f:51:25:9a:
fa:a0:b4:85:db:3f:6a:a2:f0:49:7d:5a:c2:d8:41:
6a:a9:e6:2b:77:bc:df:07:81:02:61:6c:ae:a6:cb:
25:e0:df:62:52:a5:b7:6c:4e:eb:d8:7d:48:c8:1d:
c4:ee:57:3f:f1:c9:a7:f9:c4:00:03:a5:dc:a7:5c:
01:c6:0a:d7:0c:67:29:98:f4:81:27:d7:33:d0:06:
e7:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:C5:D8:8E:B8:ED:70:5A:EE:1F:2D:17:B3:1F:98:CD:D5:D2:4A:4D
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/LsXYjrjtcFruHy0Xsx-YzdXSSk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.43.104.0/22
64.43.112.0/22
64.43.124.0/22
77.36.120.0/22
91.245.184.0/22
176.102.124.0/22
176.116.232.0/22
178.212.184.0/21
185.55.4.0/22
185.55.140.0/22
193.36.204.0/22
Signature Algorithm: sha256WithRSAEncryption
87:e5:f7:07:cd:4a:73:68:70:8c:0c:7e:12:7f:b7:bc:62:59:
5b:03:fc:25:c3:9a:74:bc:85:b4:52:03:15:3f:59:7f:51:64:
71:06:97:fa:a5:e9:ce:70:4e:46:17:5f:e0:29:20:d2:f2:36:
ab:79:c0:e1:ea:f6:3a:87:fd:1b:b7:77:13:2c:40:f4:09:72:
83:5b:09:17:f0:cf:1f:cd:52:5e:e7:d9:23:f5:2b:63:5c:16:
7c:4b:49:e3:47:92:40:6b:57:7d:10:fe:42:6a:7c:ea:6c:36:
02:6e:02:b4:c1:a0:22:db:6e:5b:80:a4:a2:19:96:4d:5f:f1:
4c:9f:11:c6:4d:0e:b0:f2:74:c8:a9:4b:b9:a0:7d:20:f4:38:
23:4e:46:4f:63:dd:71:ae:5f:b5:1f:9b:40:08:97:25:7d:e7:
ad:dd:cc:dd:e9:ea:19:f5:78:1e:29:4d:86:77:d3:68:5d:24:
35:a1:91:48:51:9a:c2:7b:17:0f:d5:98:cc:20:69:a1:31:31:
40:dc:ec:69:ea:89:8c:44:d9:1c:1f:c8:c1:f8:bf:35:87:0b:
cc:05:ba:0e:2f:aa:cf:02:10:1f:4e:52:83:e4:33:44:97:ee:
85:5a:e0:43:92:ef:fb:bd:1e:8c:59:7c:bb:70:d5:23:28:75:
cc:ce:d9:66
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZou/tGaTjDuYjejQx/SewLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDI5MDgwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM1ZDg4ZWI4ZWQ3MDVhZWUxZjJkMTdiMzFmOThjZGQ1ZDI0YTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApID/ZbayF6ImFpI52d4DwQ2FesPd
OgSZbw8Ga1wIvwg6GuFfqKuuuEbr+2SXsw0TfoJhMEsSckxsbBYdMT48muvafKlo
L9PH7zphEFRIS+JQZ5Kvz1r4TmOa4GEE+WWcVWJlGH/k8Rsdl9lJFOcnuDYSudlT
9bqOtBzXG51/wMiNsb6G4tA/lO0ltUMGsn8F1uhFD5l9RV6UEFWVS3SPY2S5u1Wr
crEoXEzgqnC2OD9RJZr6oLSF2z9qovBJfVrC2EFqqeYrd7zfB4ECYWyupssl4N9i
UqW3bE7r2H1IyB3E7lc/8cmn+cQAA6Xcp1wBxgrXDGcpmPSBJ9cz0AbnfwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFC7F2I647XBa7h8tF7MfmM3V0kpNMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvTHNYWWpyanRjRnJ1SHkwWHN4LVl6ZFhTU2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCQCtoAwQC
QCtwAwQCQCt8AwQCTSR4AwQCW/W4AwQCsGZ8AwQCsHToAwQDstS4AwQCuTcEAwQC
uTeMAwQCwSTMMA0GCSqGSIb3DQEBCwUAA4IBAQCH5fcHzUpzaHCMDH4Sf7e8Yllb
A/wlw5p0vIW0UgMVP1l/UWRxBpf6penOcE5GF1/gKSDS8jarecDh6vY6h/0bt3cT
LED0CXKDWwkX8M8fzVJe59kj9StjXBZ8S0njR5JAa1d9EP5CanzqbDYCbgK0waAi
225bgKSiGZZNX/FMnxHGTQ6w8nTIqUu5oH0g9DgjTkZPY91xrl+1H5tACJclfeet
3czd6eoZ9XgeKU2Gd9NoXSQ1oZFIUZrCexcP1ZjMIGmhMTFA3Oxp6omMRNkcH8jB
+L81hwvMBboOL6rPAhAfTlKD5DNEl+6FWuBDku/7vR6MWXy7cNUjKHXMztlm
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:36:03 2025 by rpki-client